Hi, in order to start a secure context there is a token exchange, right?
A typical scenario is:
token = new byte[inStream.readInt()];
Now, I'd like to have a check for the entered token size before actually reading it, because an attacker could possibly enter a very big number and raise an out of heap memory error in the JVM (I already tested it!).
So, my question is: how can token length vary? Is there a maximum value beyond which I can state there's something wrong and not read incoming data at all?
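
The length check described in the post, as an added example that is not part of the original post: the declared length is validated against a cap before any buffer is allocated. `BoundedTokenReader`, `readToken`, `frame` and the 64 KiB value of `MAX_TOKEN_LEN` are assumptions made for illustration; the cap is an application choice, not a limit taken from the GSS-API.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.EOFException;
import java.io.IOException;

public class BoundedTokenReader {
    // Assumption: a cap picked by the application, not a value defined by GSS-API.
    static final int MAX_TOKEN_LEN = 64 * 1024;

    // Reads a 4-byte length prefix, then the token, refusing lengths outside [0, maxLen].
    static byte[] readToken(DataInputStream in, int maxLen) throws IOException {
        int len = in.readInt();
        if (len < 0 || len > maxLen) {
            // Reject before allocating: the peer fully controls this integer.
            throw new IOException("rejected token length " + len + " (cap " + maxLen + ")");
        }
        byte[] token = new byte[len];
        in.readFully(token); // throws EOFException if fewer bytes arrive than declared
        return token;
    }

    // Builds a constructed length-prefixed frame in memory so the example runs offline.
    static DataInputStream frame(int declaredLen, byte[] body) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        out.writeInt(declaredLen);
        out.write(body);
        return new DataInputStream(new ByteArrayInputStream(buf.toByteArray()));
    }

    public static void main(String[] args) throws IOException {
        byte[] sample = {0x60, 0x03, 0x01, 0x02, 0x03}; // constructed bytes, not a real token
        byte[] ok = readToken(frame(sample.length, sample), MAX_TOKEN_LEN);
        System.out.println("accepted " + ok.length + " bytes");
        for (int declared : new int[] {Integer.MAX_VALUE, -1}) {
            try {
                readToken(frame(declared, sample), MAX_TOKEN_LEN);
            } catch (IOException e) {
                System.out.println(e.getMessage()); // oversized and negative lengths are refused
            }
        }
        try {
            readToken(frame(1000, sample), MAX_TOKEN_LEN); // within the cap but truncated
        } catch (EOFException e) {
            System.out.println("truncated token rejected");
        }
    }
}
```

A read timeout on the socket complements the cap, since a peer can still declare a permitted length and then stall before sending the bytes.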